Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ee4d823-9869-449e-9541-10a647125e4a.roa
File:                     4ee4d823-9869-449e-9541-10a647125e4a.roa (raw, json)
Hash identifier:          kW3ANblRFQOle0M9hUbbLAPbyU0v1zz1jI4yCYaSkJg=
Subject key identifier:   2D:FA:88:E2:E2:18:18:C7:57:B3:A0:C7:2B:35:B1:3F:C2:78:CA:8B
Certificate issuer:       /CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
Certificate serial:       263E62EA8E9281C77FB4CCA53FD9F204FA989924
Authority key identifier: 8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ee4d823-9869-449e-9541-10a647125e4a.roa
Signing time:             Mon 31 Mar 2025 19:51:40 +0000
ROA not before:           Mon 31 Mar 2025 19:51:40 +0000
ROA not after:            Mon 05 May 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        2a05:d07f:c000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            26:3e:62:ea:8e:92:81:c7:7f:b4:cc:a5:3f:d9:f2:04:fa:98:99:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8b6263dbe9799dd6793e0e882ad21cb4849970bc
        Validity
            Not Before: Mar 31 19:51:40 2025 GMT
            Not After : May  5 23:59:59 2025 GMT
        Subject: CN=6615a38b-3ad7-47b7-8fb2-685c38d00914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:28:b9:f7:db:e1:fc:3e:80:f3:9c:6c:b4:b7:
                    78:4b:79:35:cc:ac:73:2f:88:fa:b9:d1:97:5d:68:
                    96:45:eb:e1:ae:1d:23:65:1c:c1:c1:dc:78:cb:e8:
                    3d:4e:1d:4b:14:b9:6a:9f:8b:7c:8e:f5:14:de:58:
                    ac:39:a1:84:0f:31:b2:c9:ea:70:f7:99:9f:74:f1:
                    9b:e6:03:1b:d6:3d:c1:4e:97:e5:4b:ec:c4:0f:12:
                    ad:e6:8b:a6:17:0a:e8:bb:61:78:c1:ae:87:e2:81:
                    85:ea:3c:30:5d:c6:5e:1c:93:eb:45:7b:8c:d4:3e:
                    53:cb:6a:1d:3b:ae:81:58:0f:aa:da:83:e4:be:50:
                    e3:79:2b:72:24:84:80:e1:19:fa:96:e3:ec:04:df:
                    cc:2b:69:b4:cf:80:3c:98:17:af:ee:6a:84:2f:92:
                    ae:e2:80:70:26:80:c0:5d:9d:dd:d0:ef:64:f7:e7:
                    93:1e:a7:51:b0:13:7d:88:80:96:b0:02:d6:e8:7d:
                    0e:55:db:7e:49:90:ad:12:68:26:25:e5:62:9a:f3:
                    5e:38:04:5b:7a:81:79:1f:bf:21:04:0d:5a:18:af:
                    a1:a0:61:88:8c:b3:15:ac:0c:c0:7e:7a:2c:d4:ab:
                    ec:a0:91:83:17:6d:d0:c3:39:6d:b9:67:d4:a8:19:
                    92:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:FA:88:E2:E2:18:18:C7:57:B3:A0:C7:2B:35:B1:3F:C2:78:CA:8B
            X509v3 Authority Key Identifier:
                keyid:8B:62:63:DB:E9:79:9D:D6:79:3E:0E:88:2A:D2:1C:B4:84:99:70:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i2Jj2-l5ndZ5Pg6IKtIctISZcLw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/4ee4d823-9869-449e-9541-10a647125e4a.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/dba8f01c-9669-44a3-ac6e-db2edb099b84/uODatdtYc1HrhtUQVQyrDK08GeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a05:d07f:c000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4b:08:c4:38:85:0d:33:cd:12:a5:8a:a8:11:48:2c:c2:3a:fe:
         49:b2:56:8a:b4:2e:55:8a:fc:da:f2:62:13:32:31:30:de:a0:
         95:fb:73:d6:10:61:27:ac:5a:bd:34:a4:75:7b:86:d2:66:19:
         65:ab:eb:d6:a2:b7:01:09:67:42:1a:0f:7b:6b:0a:80:70:e5:
         14:d5:10:f7:bc:d6:b8:40:cd:eb:5a:8a:d6:d9:82:eb:64:72:
         44:04:92:03:81:0a:01:28:64:92:d6:39:02:eb:c3:70:3b:92:
         ce:b4:20:76:2c:76:56:cb:46:0e:79:15:a5:b4:72:4c:bd:6c:
         f9:19:1f:51:c0:4c:b6:0f:5c:5c:28:0c:66:04:32:ee:2b:11:
         d5:c3:44:36:f6:04:1e:a5:c4:4a:06:8e:e5:f4:ee:75:1e:1a:
         aa:47:99:44:30:4a:e8:51:88:e9:8c:d1:a9:12:06:58:70:7f:
         70:42:66:35:4c:45:b3:4f:0b:b0:3e:6d:c0:e2:33:9f:47:78:
         bf:e5:08:ab:b4:a6:46:b3:61:2d:a7:93:aa:51:42:0c:4a:9d:
         18:3f:07:41:9e:41:7d:17:c4:e5:34:6f:7f:71:6d:84:31:0d:
         3f:09:9d:a8:f2:4e:a5:c6:fc:54:89:86:6e:a1:42:ec:76:df:
         a6:67:90:81
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIUJj5i6o6Sgcd/tMylP9nyBPqYmSQwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOGI2MjYzZGJlOTc5OWRkNjc5M2UwZTg4MmFkMjFjYjQ4
NDk5NzBiYzAeFw0yNTAzMzExOTUxNDBaFw0yNTA1MDUyMzU5NTlaMHoxSTBHBgNV
BAUTQDJjMWYyNmNmMDFmODlkMzM5OWE2Y2EyODRjZTcxYTllY2UzMjk0YmYwNzVh
MGNmODdmZjVhZmI5MjM0NTU2MDgxLTArBgNVBAMTJDY2MTVhMzhiLTNhZDctNDdi
Ny04ZmIyLTY4NWMzOGQwMDkxNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANIouffb4fw+gPOcbLS3eEt5Ncyscy+I+rnRl11olkXr4a4dI2UcwcHceMvo
PU4dSxS5ap+LfI71FN5YrDmhhA8xssnqcPeZn3Txm+YDG9Y9wU6X5UvsxA8SreaL
phcK6LtheMGuh+KBheo8MF3GXhyT60V7jNQ+U8tqHTuugVgPqtqD5L5Q43krciSE
gOEZ+pbj7ATfzCtptM+APJgXr+5qhC+SruKAcCaAwF2d3dDvZPfnkx6nUbATfYiA
lrAC1uh9DlXbfkmQrRJoJiXlYprzXjgEW3qBeR+/IQQNWhivoaBhiIyzFawMwH56
LNSr7KCRgxdt0MM5bbln1KgZkkECAwEAAaOCAiMwggIfMB0GA1UdDgQWBBQt+oji
4hgYx1ezoMcrNbE/wnjKizAfBgNVHSMEGDAWgBSLYmPb6Xmd1nk+Dogq0hy0hJlw
vDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhy
c3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2kySmoyLWw1
bmRaNVBnNklLdEljdElTWmNMdy5jZXIwgZ4GCCsGAQUFBwELBIGRMIGOMIGLBggr
BgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6b25hd3Mu
Y29tL3ZvbHVtZS9kYmE4ZjAxYy05NjY5LTQ0YTMtYWM2ZS1kYjJlZGIwOTliODQv
NGVlNGQ4MjMtOTg2OS00NDllLTk1NDEtMTBhNjQ3MTI1ZTRhLnJvYTCBiAYDVR0f
BIGAMH4wfKB6oHiGdnJzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIuYW1hem9u
YXdzLmNvbS92b2x1bWUvZGJhOGYwMWMtOTY2OS00NGEzLWFjNmUtZGIyZWRiMDk5
Yjg0L3VPRGF0ZHRZYzFIcmh0VVFWUXlyREswOEdlSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoF0H/A
MA0GCSqGSIb3DQEBCwUAA4IBAQBLCMQ4hQ0zzRKliqgRSCzCOv5JslaKtC5Vivza
8mITMjEw3qCV+3PWEGEnrFq9NKR1e4bSZhllq+vWorcBCWdCGg97awqAcOUU1RD3
vNa4QM3rWorW2YLrZHJEBJIDgQoBKGSS1jkC68NwO5LOtCB2LHZWy0YOeRWltHJM
vWz5GR9RwEy2D1xcKAxmBDLuKxHVw0Q29gQepcRKBo7l9O51HhqqR5lEMEroUYjp
jNGpEgZYcH9wQmY1TEWzTwuwPm3A4jOfR3i/5QirtKZGs2Etp5OqUUIMSp0YPwdB
nkF9F8TlNG9/cW2EMQ0/CZ2o8k6lxvxUiYZuoULsdt+mZ5CB
-----END CERTIFICATE-----